How severe is CVE-2023-34449?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2023-34449?

This is classified as CWE-253, which is a common weakness in software security.

CVE-2023-34449 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through `CallBuilder::delegate` or `ink_env::invoke_contract_delegate`, is decoded incorrectly. This bug was related to the mechanics around decoding a call's return buffer, which was changed as part of pull request 1450. Since this feature was only released in ink! 4.0.0, no previous versions are affected. Users who have an ink! 4.x series contract should upgrade to 4.2.1 to receive a patch.

Related Vulnerabilities

CVE-2022-24880

MEDIUM

CVSS:5.3(Medium)

flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions prior to 1.2.1, he `captcha.validate()` function wou...

CWE-2532022

CVE-2020-6107

MEDIUM

CVSS:4.4(Medium)

An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in ...

CWE-2532020

CVE-2017-7474

CRITICAL

CVSS:9.8(Critical)

It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or...

CWE-2532017

CVE-2023-4501

CRITICAL

CVSS:9.8(Critical)

User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants ...

CWE-2532023

CVE-2023-24487

HIGH

CVSS:7.5(High)

Arbitrary file read in Citrix ADC and Citrix Gateway

CWE-2532023

CVE-2023-49286

HIGH

CVSS:7.5(High)

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper ...

CWE-2532023